2 * Copyright (c) 2006-2010 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
26 SecStaticCodePriv is the private counter-part to CSCommon. Its contents are not
27 official API, and are subject to change without notice.
29 #ifndef _H_CSCOMMONPRIV
30 #define _H_CSCOMMONPRIV
32 #include <Security/CSCommon.h>
40 @typedef SecCodeDirectoryFlagTable
41 This constant array can be used to translate between names and values
42 of CodeDirectory flag bits. The table ends with an entry with NULL name.
43 The elements are in no particular order.
44 @field name The official text name of the flag.
45 @field value The binary value of the flag.
46 @field signable True if the flag can be specified during signing. False if it is set
47 internally and can only be read from a signature.
53 } SecCodeDirectoryFlagTable
;
55 extern const SecCodeDirectoryFlagTable kSecCodeDirectoryFlagTable
[];
59 Blob types (magic numbers) for blobs used by Code Signing.
61 @constant kSecCodeMagicRequirement Magic number for individual code requirements.
62 @constant kSecCodeMagicRequirementSet Magic number for a collection of
63 individual code requirements, indexed by requirement type. This is used
64 for internal requirement sets.
65 @constant kSecCodeMagicCodeDirectory Magic number for a CodeDirectory.
66 @constant kSecCodeMagicEmbeddedSignature Magic number for a SuperBlob
67 containing all the signing components that are usually embedded within
69 @constant kSecCodeMagicDetachedSignature Magic number for a SuperBlob that
70 contains all the data for all architectures of a signature, including any
71 data that is usually written to separate files. This is the format of
72 detached signatures if the program is capable of having multiple architectures.
73 @constant kSecCodeMagicEntitlement Magic number for a standard entitlement blob.
74 @constant kSecCodeMagicByte The first byte (in NBO) shared by all these magic
75 numbers. This is not a valid ASCII character; test for this to distinguish
76 between text and binary data if you expect a code signing-related binary blob.
80 kSecCodeMagicRequirement
= 0xfade0c00, /* single requirement */
81 kSecCodeMagicRequirementSet
= 0xfade0c01, /* requirement set */
82 kSecCodeMagicCodeDirectory
= 0xfade0c02, /* CodeDirectory */
83 kSecCodeMagicEmbeddedSignature
= 0xfade0cc0, /* single-architecture embedded signature */
84 kSecCodeMagicDetachedSignature
= 0xfade0cc1, /* detached multi-architecture signature */
85 kSecCodeMagicEntitlement
= 0xfade7171, /* entitlement blob */
87 kSecCodeMagicByte
= 0xfa /* shared first byte */
92 Types of cryptographic digests (hashes) used to hold code signatures
95 Each combination of type, length, and other parameters is a separate
96 hash type; we don't understand "families" here.
98 These type codes govern the digest links that connect a CodeDirectory
99 to its subordinate data structures (code pages, resources, etc.)
100 They do not directly control other uses of hashes (such as the
101 hash-of-CodeDirectory identifiers used in requirements).
104 kSecCodeSignatureNoHash
= 0, /* null value */
105 kSecCodeSignatureHashSHA1
= 1, /* SHA-1 */
106 kSecCodeSignatureHashSHA256
= 2, /* SHA-256 */
107 kSecCodeSignatureHashPrestandardSkein160x256
= 32, /* Skein, 160 bits, 256 bit pool */
108 kSecCodeSignatureHashPrestandardSkein256x512
= 33, /* Skein, 256 bits, 512 bit pool */
110 kSecCodeSignatureDefaultDigestAlgorithm
= kSecCodeSignatureHashSHA1